Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6310 vulnerabilities reference this CWE, most recent first.

GHSA-4M73-G897-42FR

Vulnerability from github – Published: 2026-07-02 00:31 – Updated: 2026-07-02 15:32
VLAI
Details

A NULL pointer dereference in the AP4_AtomSampleTable::GetSample() function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-36912"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-01T22:16:48Z",
    "severity": "HIGH"
  },
  "details": "A NULL pointer dereference in the AP4_AtomSampleTable::GetSample() function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.",
  "id": "GHSA-4m73-g897-42fr",
  "modified": "2026-07-02T15:32:03Z",
  "published": "2026-07-02T00:31:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-36912"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Aleksoid1978/MPC-BE/issues/1062"
    },
    {
      "type": "WEB",
      "url": "https://github.com/axiomatic-systems/Bento4/issues/511"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4M75-MG2M-9PF6

Vulnerability from github – Published: 2025-06-18 12:30 – Updated: 2025-11-14 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/i915: fix null pointer dereference

Asus chromebook CX550 crashes during boot on v5.17-rc1 kernel. The root cause is null pointer defeference of bi_next in tgl_get_bw_info() in drivers/gpu/drm/i915/display/intel_bw.c.

BUG: kernel NULL pointer dereference, address: 000000000000002e PGD 0 P4D 0 Oops: 0002 [#1] PREEMPT SMP NOPTI CPU: 0 PID: 1 Comm: swapper/0 Tainted: G U 5.17.0-rc1 Hardware name: Google Delbin/Delbin, BIOS Google_Delbin.13672.156.3 05/14/2021 RIP: 0010:tgl_get_bw_info+0x2de/0x510 ... [ 2.554467] Call Trace: [ 2.554467] [ 2.554467] intel_bw_init_hw+0x14a/0x434 [ 2.554467] ? _printk+0x59/0x73 [ 2.554467] ? _dev_err+0x77/0x91 [ 2.554467] i915_driver_hw_probe+0x329/0x33e [ 2.554467] i915_driver_probe+0x4c8/0x638 [ 2.554467] i915_pci_probe+0xf8/0x14e [ 2.554467] ? _raw_spin_unlock_irqrestore+0x12/0x2c [ 2.554467] pci_device_probe+0xaa/0x142 [ 2.554467] really_probe+0x13f/0x2f4 [ 2.554467] __driver_probe_device+0x9e/0xd3 [ 2.554467] driver_probe_device+0x24/0x7c [ 2.554467] __driver_attach+0xba/0xcf [ 2.554467] ? driver_attach+0x1f/0x1f [ 2.554467] bus_for_each_dev+0x8c/0xc0 [ 2.554467] bus_add_driver+0x11b/0x1f7 [ 2.554467] driver_register+0x60/0xea [ 2.554467] ? mipi_dsi_bus_init+0x16/0x16 [ 2.554467] i915_init+0x2c/0xb9 [ 2.554467] ? mipi_dsi_bus_init+0x16/0x16 [ 2.554467] do_one_initcall+0x12e/0x2b3 [ 2.554467] do_initcall_level+0xd6/0xf3 [ 2.554467] do_initcalls+0x4e/0x79 [ 2.554467] kernel_init_freeable+0xed/0x14d [ 2.554467] ? rest_init+0xc1/0xc1 [ 2.554467] kernel_init+0x1a/0x120 [ 2.554467] ret_from_fork+0x1f/0x30 [ 2.554467] ... Kernel panic - not syncing: Fatal exception

(cherry picked from commit c247cd03898c4c43c3bce6d4014730403bc13032)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49960"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-18T11:15:23Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915: fix null pointer dereference\n\nAsus chromebook CX550 crashes during boot on v5.17-rc1 kernel.\nThe root cause is null pointer defeference of bi_next\nin tgl_get_bw_info() in drivers/gpu/drm/i915/display/intel_bw.c.\n\nBUG: kernel NULL pointer dereference, address: 000000000000002e\nPGD 0 P4D 0\nOops: 0002 [#1] PREEMPT SMP NOPTI\nCPU: 0 PID: 1 Comm: swapper/0 Tainted: G     U            5.17.0-rc1\nHardware name: Google Delbin/Delbin, BIOS Google_Delbin.13672.156.3 05/14/2021\nRIP: 0010:tgl_get_bw_info+0x2de/0x510\n...\n[    2.554467] Call Trace:\n[    2.554467]  \u003cTASK\u003e\n[    2.554467]  intel_bw_init_hw+0x14a/0x434\n[    2.554467]  ? _printk+0x59/0x73\n[    2.554467]  ? _dev_err+0x77/0x91\n[    2.554467]  i915_driver_hw_probe+0x329/0x33e\n[    2.554467]  i915_driver_probe+0x4c8/0x638\n[    2.554467]  i915_pci_probe+0xf8/0x14e\n[    2.554467]  ? _raw_spin_unlock_irqrestore+0x12/0x2c\n[    2.554467]  pci_device_probe+0xaa/0x142\n[    2.554467]  really_probe+0x13f/0x2f4\n[    2.554467]  __driver_probe_device+0x9e/0xd3\n[    2.554467]  driver_probe_device+0x24/0x7c\n[    2.554467]  __driver_attach+0xba/0xcf\n[    2.554467]  ? driver_attach+0x1f/0x1f\n[    2.554467]  bus_for_each_dev+0x8c/0xc0\n[    2.554467]  bus_add_driver+0x11b/0x1f7\n[    2.554467]  driver_register+0x60/0xea\n[    2.554467]  ? mipi_dsi_bus_init+0x16/0x16\n[    2.554467]  i915_init+0x2c/0xb9\n[    2.554467]  ? mipi_dsi_bus_init+0x16/0x16\n[    2.554467]  do_one_initcall+0x12e/0x2b3\n[    2.554467]  do_initcall_level+0xd6/0xf3\n[    2.554467]  do_initcalls+0x4e/0x79\n[    2.554467]  kernel_init_freeable+0xed/0x14d\n[    2.554467]  ? rest_init+0xc1/0xc1\n[    2.554467]  kernel_init+0x1a/0x120\n[    2.554467]  ret_from_fork+0x1f/0x30\n[    2.554467]  \u003c/TASK\u003e\n...\nKernel panic - not syncing: Fatal exception\n\n(cherry picked from commit c247cd03898c4c43c3bce6d4014730403bc13032)",
  "id": "GHSA-4m75-mg2m-9pf6",
  "modified": "2025-11-14T18:31:22Z",
  "published": "2025-06-18T12:30:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49960"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/458ec0c8f35963626ccd51c3d50b752de5f1b9d4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c2798203315f4729bab0b917bf4c17a159abf9f8"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4M78-CVJ8-M5M2

Vulnerability from github – Published: 2026-04-03 18:31 – Updated: 2026-07-14 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net: mvpp2: guard flow control update with global_tx_fc in buffer switching

mvpp2_bm_switch_buffers() unconditionally calls mvpp2_bm_pool_update_priv_fc() when switching between per-cpu and shared buffer pool modes. This function programs CM3 flow control registers via mvpp2_cm3_read()/mvpp2_cm3_write(), which dereference priv->cm3_base without any NULL check.

When the CM3 SRAM resource is not present in the device tree (the third reg entry added by commit 60523583b07c ("dts: marvell: add CM3 SRAM memory to cp11x ethernet device tree")), priv->cm3_base remains NULL and priv->global_tx_fc is false. Any operation that triggers mvpp2_bm_switch_buffers(), for example an MTU change that crosses the jumbo frame threshold, will crash:

Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 Mem abort info: ESR = 0x0000000096000006 EC = 0x25: DABT (current EL), IL = 32 bits pc : readl+0x0/0x18 lr : mvpp2_cm3_read.isra.0+0x14/0x20 Call trace: readl+0x0/0x18 mvpp2_bm_pool_update_fc+0x40/0x12c mvpp2_bm_pool_update_priv_fc+0x94/0xd8 mvpp2_bm_switch_buffers.isra.0+0x80/0x1c0 mvpp2_change_mtu+0x140/0x380 __dev_set_mtu+0x1c/0x38 dev_set_mtu_ext+0x78/0x118 dev_set_mtu+0x48/0xa8 dev_ifsioc+0x21c/0x43c dev_ioctl+0x2d8/0x42c sock_ioctl+0x314/0x378

Every other flow control call site in the driver already guards hardware access with either priv->global_tx_fc or port->tx_fc. mvpp2_bm_switch_buffers() is the only place that omits this check.

Add the missing priv->global_tx_fc guard to both the disable and re-enable calls in mvpp2_bm_switch_buffers(), consistent with the rest of the driver.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-23438"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-03T16:16:25Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mvpp2: guard flow control update with global_tx_fc in buffer switching\n\nmvpp2_bm_switch_buffers() unconditionally calls\nmvpp2_bm_pool_update_priv_fc() when switching between per-cpu and\nshared buffer pool modes. This function programs CM3 flow control\nregisters via mvpp2_cm3_read()/mvpp2_cm3_write(), which dereference\npriv-\u003ecm3_base without any NULL check.\n\nWhen the CM3 SRAM resource is not present in the device tree (the\nthird reg entry added by commit 60523583b07c (\"dts: marvell: add CM3\nSRAM memory to cp11x ethernet device tree\")), priv-\u003ecm3_base remains\nNULL and priv-\u003eglobal_tx_fc is false. Any operation that triggers\nmvpp2_bm_switch_buffers(), for example an MTU change that crosses\nthe jumbo frame threshold, will crash:\n\n  Unable to handle kernel NULL pointer dereference at\n  virtual address 0000000000000000\n  Mem abort info:\n    ESR = 0x0000000096000006\n    EC = 0x25: DABT (current EL), IL = 32 bits\n  pc : readl+0x0/0x18\n  lr : mvpp2_cm3_read.isra.0+0x14/0x20\n  Call trace:\n   readl+0x0/0x18\n   mvpp2_bm_pool_update_fc+0x40/0x12c\n   mvpp2_bm_pool_update_priv_fc+0x94/0xd8\n   mvpp2_bm_switch_buffers.isra.0+0x80/0x1c0\n   mvpp2_change_mtu+0x140/0x380\n   __dev_set_mtu+0x1c/0x38\n   dev_set_mtu_ext+0x78/0x118\n   dev_set_mtu+0x48/0xa8\n   dev_ifsioc+0x21c/0x43c\n   dev_ioctl+0x2d8/0x42c\n   sock_ioctl+0x314/0x378\n\nEvery other flow control call site in the driver already guards\nhardware access with either priv-\u003eglobal_tx_fc or port-\u003etx_fc.\nmvpp2_bm_switch_buffers() is the only place that omits this check.\n\nAdd the missing priv-\u003eglobal_tx_fc guard to both the disable and\nre-enable calls in mvpp2_bm_switch_buffers(), consistent with the\nrest of the driver.",
  "id": "GHSA-4m78-cvj8-m5m2",
  "modified": "2026-07-14T15:31:45Z",
  "published": "2026-04-03T18:31:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23438"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-019113.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0cfcd31f98fc608dc9406bff3fee3a9dd364d014"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7bd20f4b3ef3044dc55acd5b8ef748a70d29d03f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7df2b50cae1a76cbb90b294f3edb61e3e10bf2e9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8a63baadf08453f66eb582fdb6dd234f72024723"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8baced53a35fc9710f80d6ca016a2c418dc3231f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/da089f74a993f846685067b14158cb41b879ff29"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ff0c54f088f7ab91dbbf47cf8244460f99122750"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4M93-727G-C564

Vulnerability from github – Published: 2022-05-24 19:14 – Updated: 2022-05-24 19:14
VLAI
Details

SAP CommonCryptoLib version 8.5.38 or lower is vulnerable to null pointer dereference vulnerability when an unauthenticated attacker sends crafted malicious data in the HTTP requests over the network, this causes the SAP application to crash and has high impact on the availability of the SAP system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-38177"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-14T12:15:00Z",
    "severity": "HIGH"
  },
  "details": "SAP CommonCryptoLib version 8.5.38 or lower is vulnerable to null pointer dereference vulnerability when an unauthenticated attacker sends crafted malicious data in the HTTP requests over the network, this causes the SAP application to crash and has high impact on the availability of the SAP system.",
  "id": "GHSA-4m93-727g-c564",
  "modified": "2022-05-24T19:14:26Z",
  "published": "2022-05-24T19:14:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38177"
    },
    {
      "type": "WEB",
      "url": "https://launchpad.support.sap.com/#/notes/3051787"
    },
    {
      "type": "WEB",
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/165749/SAP-CommonCryptoLib-Null-Pointer-Dereference.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2022/Jan/74"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-4M9V-P964-9Q24

Vulnerability from github – Published: 2022-05-14 03:27 – Updated: 2022-05-14 03:27
VLAI
Details

The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 7.0.x before 7.0.15 and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an inapplicable class name in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-10162"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-01-24T21:59:00Z",
    "severity": "HIGH"
  },
  "details": "The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 7.0.x before 7.0.15 and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an inapplicable class name in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call.",
  "id": "GHSA-4m9v-p964-9q24",
  "modified": "2022-05-14T03:27:45Z",
  "published": "2022-05-14T03:27:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10162"
    },
    {
      "type": "WEB",
      "url": "https://github.com/php/php-src/commit/8d2539fa0faf3f63e1d1e7635347c5b9e777d47b"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:1296"
    },
    {
      "type": "WEB",
      "url": "https://bugs.php.net/bug.php?id=73831"
    },
    {
      "type": "WEB",
      "url": "http://php.net/ChangeLog-7.php"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/95668"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1037659"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4MC8-63F2-Q4P2

Vulnerability from github – Published: 2024-05-21 18:31 – Updated: 2024-12-30 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference

In tpg110_get_modes(), the return value of drm_mode_duplicate() is assigned to mode, which will lead to a NULL pointer dereference on failure of drm_mode_duplicate(). Add a check to avoid npd.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-52826"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-21T16:15:20Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/panel/panel-tpo-tpg110: fix a possible null pointer dereference\n\nIn tpg110_get_modes(), the return value of drm_mode_duplicate() is\nassigned to mode, which will lead to a NULL pointer dereference on\nfailure of drm_mode_duplicate(). Add a check to avoid npd.",
  "id": "GHSA-4mc8-63f2-q4p2",
  "modified": "2024-12-30T21:30:46Z",
  "published": "2024-05-21T18:31:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52826"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/84c923d898905187ebfd4c0ef38cd1450af7e0ea"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9268bfd76bebc85ff221691b61498cc16d75451c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9acc2bc00135e9ecd13a70ce1140e2673e504cdc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d0bc9ab0a161a9745273f5bf723733a8e6c57aca"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/eaede6900c0961b072669d6bd97fe8f90ed1900f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f22def5970c423ea7f87d5247bd0ef91416b0658"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4MHV-8RH3-4GHW

Vulnerability from github – Published: 2025-09-17 20:10 – Updated: 2025-09-26 16:18
VLAI
Summary
DragonFly vulnerable to panics due to nil pointer dereference when using variables created alongside an error
Details

Impact

We found two instances in the DragonFly codebase where the first return value of a function is dereferenced even when the function returns an error (figures 9.1 and 9.2). This can result in a nil dereference, and cause code to panic. The codebase may contain additional instances of the bug.

request, err := source.NewRequestWithContext(ctx, parentReq.Url,
parentReq.UrlMeta.Header)
if err != nil {
       log.Errorf("generate url [%v] request error: %v", request.URL, err)
       span.RecordError(err)
       return err
}

Eve is a malicious actor operating a peer machine. She sends a dfdaemonv1.DownRequest request to her peer Alice. Alice’s machine receives the request, resolves a nil variable in the server.Download method, and panics.

Patches

  • Dragonfy v2.1.0 and above.

Workarounds

There are no effective workarounds, beyond upgrading.

References

A third party security audit was performed by Trail of Bits, you can see the full report.

If you have any questions or comments about this advisory, please email us at dragonfly-maintainers@googlegroups.com.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/dragonflyoss/dragonfly"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.1.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "d7y.io/dragonfly/v2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.1.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-59351"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-09-17T20:10:53Z",
    "nvd_published_at": "2025-09-17T20:15:37Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nWe found two instances in the DragonFly codebase where the first return value of a function is dereferenced even when the function returns an error (figures 9.1 and 9.2). This can result in a nil dereference, and cause code to panic. The codebase may contain additional instances of the bug.\n\n```golang\nrequest, err := source.NewRequestWithContext(ctx, parentReq.Url,\nparentReq.UrlMeta.Header)\nif err != nil {\n       log.Errorf(\"generate url [%v] request error: %v\", request.URL, err)\n       span.RecordError(err)\n       return err\n}\n```\n\nEve is a malicious actor operating a peer machine. She sends a dfdaemonv1.DownRequest request to her peer Alice. Alice\u2019s machine receives the request, resolves a nil variable in the server.Download method, and panics.\n\n### Patches\n\n- Dragonfy v2.1.0 and above.\n\n### Workarounds\n\nThere are no effective workarounds, beyond upgrading.\n\n### References\n\nA third party security audit was performed by Trail of Bits, you can see the [full report](https://github.com/dragonflyoss/dragonfly/blob/main/docs/security/dragonfly-comprehensive-report-2023.pdf).\n\nIf you have any questions or comments about this advisory, please email us at [dragonfly-maintainers@googlegroups.com](mailto:dragonfly-maintainers@googlegroups.com).",
  "id": "GHSA-4mhv-8rh3-4ghw",
  "modified": "2025-09-26T16:18:25Z",
  "published": "2025-09-17T20:10:53Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/dragonflyoss/dragonfly/security/advisories/GHSA-4mhv-8rh3-4ghw"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59351"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/dragonflyoss/dragonfly"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dragonflyoss/dragonfly/blob/main/docs/security/dragonfly-comprehensive-report-2023.pdf"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2025-3970"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
      "type": "CVSS_V4"
    }
  ],
  "summary": "DragonFly vulnerable to panics due to nil pointer dereference when using variables created alongside an error"
}

GHSA-4MJM-C95J-8748

Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2023-04-24 09:30
VLAI
Details

When using a sync_repl client in 389-ds-base, an authenticated attacker can cause a NULL pointer dereference using a specially crafted query, causing a crash.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-3514"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-05-28T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "When using a sync_repl client in 389-ds-base, an authenticated attacker can cause a NULL pointer dereference using a specially crafted query, causing a crash.",
  "id": "GHSA-4mjm-c95j-8748",
  "modified": "2023-04-24T09:30:19Z",
  "published": "2022-05-24T19:03:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3514"
    },
    {
      "type": "WEB",
      "url": "https://github.com/389ds/389-ds-base/issues/4711"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4MJR-HJJC-26R8

Vulnerability from github – Published: 2022-05-17 00:27 – Updated: 2022-05-17 00:27
VLAI
Details

The jpc_dec_tilefini function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-8882"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-01-13T16:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The jpc_dec_tilefini function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.",
  "id": "GHSA-4mjr-hjjc-26r8",
  "modified": "2022-05-17T00:27:18Z",
  "published": "2022-05-17T00:27:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8882"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mdadams/jasper/issues/30"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2017/dsa-3785"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/10/17/1"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/10/23/8"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/95864"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4MQG-7G9G-H8FV

Vulnerability from github – Published: 2022-05-24 17:19 – Updated: 2022-05-24 17:19
VLAI
Details

Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/service_table/service_table.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-13848"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-06-04T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/service_table/service_table.c.",
  "id": "GHSA-4mqg-7g9g-h8fv",
  "modified": "2022-05-24T17:19:21Z",
  "published": "2022-05-24T17:19:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13848"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pupnp/pupnp/issues/177"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pupnp/pupnp/commit/c805c1de1141cb22f74c0d94dd5664bda37398e0"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00006.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00007.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00030.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00033.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.